I&#;x26;#;39;m in the throes of target host recon for another pentest, and thought I&#;x26;#;39;d share some workflow / automation stuff. 
 In the past, I&#;x26;#;39;ve discussed using historic DNS "mining" to collect target hosts in the domain.